Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Management in Practice

Published byJeffrey Collin Higgins Modified over 7 years ago

Similar presentations

Presentation on theme: "Security Management in Practice"— Presentation transcript:

1 Security Management in Practice

2 Contact Dr. Phil Legg Phil.Legg@uwe.ac.uk Room 2Q17
(available for meetings Tuesdays, Wednesdays, Fridays, but please book via 24 hours ahead).

3 Module Delivery and Assessment
One hour lecture session Two hour workshop session Research-based activities (individual and group) to support course content and further learning. Assessment: Project-based assessment: Report (75%) and Presentation (25%)

4 Evaluate the significance of security laws and regulations
Learning Outcomes Understand the significance of ISO and other standards in the specification of a Information Security Management System Analyse the range of real world security issues that face commercial organisations and Institutes Evaluate the significance of security laws and regulations Propose an ISMS for a real organisation, using recognised methods and to an internationally recognised standard Reflect on the process of specifying an ISMS, justifying methods used and /or proposing alternatives

5 Module Schedule Blackboard content will be available
Attendance for lectures and seminars will be monitored.

6 Recommended Text Information Security Management Principles. (Second edition), Andy Taylor, David Alexander, Amada Finch, David Sutton. Information Security: The Complete Reference (Second Edition), Mark Rhodes-Ousley.

7 Introduction to Security Management

8 Introduction What is Security, and why is it important?
How can we effectively manage Security? What is Security Management? What is it that we are trying to secure?

9 What is Security? Security is not a single aspect
Security is a process. Three D’s of security: Defense Detection Deterrence

10 Why is Security important?
Personal and organisational security: Protection of property (tangible security). Hardware systems, assets, products, buildings. Protection of information (intangible security). Knowledge, data, intellectual property.

11 What is Security Management?
Need to allow access only when authorized and necessary. Need to prevent access when unauthorized. How do we ensure that this is actually the case?

12 Information Technology Governance
Guidelines for effective, efficient and acceptable use of information and communication technology within their organisation. Strategic planning for IT in line with the vision and mission of the organisation Oversight and monitoring of all IT-activity. An IT decision-making model.

13 Information Security Concepts
Information Security (IS). Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved. (ISO 27001) Information Assurance (IA). The confidence that information systems will protect the information they carry and will function as they need to, when they need to, under the control of legitimate users. (UK Cabinet Office)

14 Information Security Principles
Confidentiality. The property that information is not made available or disclosed to unauthorised individuals, entities or processes. Integrity. The property of safeguarding the accuracy and completeness of assets. Availability. The property of being accessible and usable upon demand by an authorised entity. Asset. Anything that has value to the organisation, its business operations and its continuity.

15 Managing Security = Managing Risk
Identify Risk Management Life Cycle Monitor Analyse Treat

16 PDCA (Plan-Do-Check-Act)
Risk Management Life Cycle Act Do Check

17 Information Security Principles
Threat. A potential cause of an incident that may result in harm to a system or organisation. Vulnerability. A weakness of an asset or group of assets that can be exploited by one or more threats. Risk. The potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organisation. Impact. The result of an information security incident, caused by a threat, which affects assets.

18 Information Security Challenges
The effect of the rapidly changing business environment. Balancing cost and impact of security with the reduction in risk. Security as an enabler of progress by reducing the cost of the loss, corruption, non-availability or unauthorised release of information. The role of information security in combating hi-tech (and other) crime.

19 What are the three D’s of information security?
Quiz What are the three D’s of information security? Defense Detection Deterrence

20 What is the CIA model of information security?
Quiz What is the CIA model of information security? Confidentiality Integrity Availability

21 Recap What is security and how do we manage this?
Managing security is about managing risk. IT governance – an organisational decision-making model. Information security models (PDCA) and key concepts

Download ppt "Security Management in Practice"

Similar presentations

Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
Information Technology – Guidelines for the Management of IT Security

Information Technology – Guidelines for the Management of IT Security
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Overview and Introduction

Overview and Introduction
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”.
Overview Of Information Security Management By BM RAO Senior Technical Director National Informatics Centre Ministry of Communications and Information.

Overview Of Information Security Management By BM RAO Senior Technical Director National Informatics Centre Ministry of Communications and Information.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Risk Assessment and Management. Objective To enable an organisation mission accomplishment, by better securing the IT systems that store, process, or.

Risk Assessment and Management. Objective To enable an organisation mission accomplishment, by better securing the IT systems that store, process, or.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
IT Risks and Controls Revised on 2014. Content Internal Control  What is internal control?  Objectives of internal controls  Types of internal controls.

IT Risks and Controls Revised on Content Internal Control  What is internal control?  Objectives of internal controls  Types of internal controls.
International Security Management Standards. BS ISO/IEC 17799:2005 BS ISO/IEC 27001:2005 First edition – ISO/IEC 17799:2000 Second edition ISO/IEC 17799:2005.

International Security Management Standards. BS ISO/IEC 17799:2005 BS ISO/IEC 27001:2005 First edition – ISO/IEC 17799:2000 Second edition ISO/IEC 17799:2005.
IS 630 : Accounting Information Systems Auditing Computer-based Information Systems Lecture 10.

IS 630 : Accounting Information Systems Auditing Computer-based Information Systems Lecture 10.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.

Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.
Control and Security Frameworks Chapter Three Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc. 2007.

Control and Security Frameworks Chapter Three Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc

Similar presentations

Ads by Google